An additional feature that simplifies key management is the introduction of a single MK (Master Key): all security services derive their keys from the MK using a key derivation function.

note: reading the standard

SRTP provides a framework for encryption and message authentication of RTP and RTCP streams (Section 3). SRTP defines a set of default cryptographic transforms (Sections 4 and 5), and it allows new transforms to be introduced in the future (Section 6). With appropriate key management (Sections 7 and 8), SRTP is secure (Section 9) for unicast and multicast RTP applications (Section 11).

SRTP Framework

SRTP is defined as a profile of RTP, an extension of the Audio/Video profile. It can be visualized as residing between the RTP application and the transport layer.

SRTCP is to RTCP what SRTP is to RTP: it provides the same services, but with mandatory message authentication.

The cryptographic context is the cryptographic state information that the sender and the receiver must maintain (e.g. keys and the encryption algorithms used); session keys are derived from master keys and are used directly in the cryptographic transform.

The cryptographic context parameters can be transform-independent (independent of the particular encryption or authentication transform used) or transform-dependent.

The cryptographic context of a packet is identified by the triplet context identifier = <SSRC, network address, port number>.

@sender

– encrypt the payload with the algorithm defined by the cryptographic context

– append the MKI if the MKI indicator is set to 1

– compute the authentication tag defined by the cryptographic context

@receiver

– determine the cryptographic context to use

– determine the packet index

– if the MKI indicator is set to 1, take the MKI from the packet, otherwise use the index from the previous step, to determine the master key and master salt, and from them the session keys and session salt

– authenticate

– decrypt

– update the ROC and the sequence number held in the cryptographic context

4. Predefined Algorithms for SRTP

for encryption

The encryption transforms defined in SRTP map the SRTP packet index
and secret key into a pseudo-random keystream segment. Each
keystream segment encrypts a single RTP packet. The process of
encrypting a packet consists of generating the keystream segment
corresponding to the packet, and then bitwise exclusive-oring that
keystream segment onto the payload of the RTP packet to produce the
Encrypted Portion of the SRTP packet. In case the payload size is
not an integer multiple of n_b bits, the excess (least significant)
bits of the keystream are simply discarded. Decryption is done the
same way, but swapping the roles of the plaintext and ciphertext.

– AES-CTR

– AES-f8

for authentication

We describe the process of computing authentication tags as follows.
The sender computes the tag of M and appends it to the packet. The
SRTP receiver verifies a message/authentication tag pair by computing
a new authentication tag over M using the selected algorithm and key,
and then compares it to the tag associated with the received message.
If the two tags are equal, then the message/tag pair is valid;
otherwise, it is invalid and the error audit message "AUTHENTICATION
FAILURE" MUST be returned.